New issue
Advanced search Search tips

Issue 651534 link

Starred by 2 users
Status: Available
Owner: ----
Cc:
jsb...@chromium.org
creis@chromium.org
mek@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug

Blocking:
issue 651502
issue 717092



Sign in to add a comment

ChildProcessSecurityPolicy::IsWebSafeScheme doesn't work right with blob/filesystem URLs

Project Member Reported by nick@chromium.org, Sep 29 2016 
ChildProcessSecurityPolicy::IsWebSafeScheme(std::string&) does not have enough information to render an appropriate judgment for blob and filesystem URLs. We should change it to accept an URL instead.

Comment 1 by creis@chromium.org, May 1 2017

Blocking: 717092

Comment 2 by creis@chromium.org, May 1 2017

Cc: creis@chromium.org jsb...@chromium.org
Labels: OS-All
Sounds like this is causing us to put subframe blob URLs into OOPIFs, even if they are same origin (in --site-per-process).  I can repro this manually on 60.0.3086.0 with --site-per-process when opening src/third_party/WebKit/LayoutTests/storage/indexeddb/blob-valid-after-deletion.html in a tab.  I see a "Subframe: blob:" line in the Chrome Task Manager.

This explains the test failure in  issue 717092 .

Comment 3 by jsb...@chromium.org, Jun 5 2017

Blocking: 651502

Comment 4 by jsb...@chromium.org, Dec 6 2017 

Any progress here? 

Just wondering if I get to resolve  issue 717092  any time soon. :)

Comment 5 by jsb...@chromium.org, Feb 12 2018

Cc: mek@chromium.org
ping?

Comment 6 by mek@chromium.org, Feb 12 2018 

sub-frame blob URLs should always be same-origin (although the spec doesn't currently say so).
Not sure if that helps here?

Comment 8 by nick@chromium.org, Sep 26

Owner: ----

Comment 9 by benhenry@google.com, Jan 11

Status: Available (was: Started)
This issue has been marked as started, but has no owner. Making available.

Sign in to add a comment